API Best Practices

Sep 1, 2023

 

 

Concept

With VUSION Cloud, APIs are one of the key elements to the good integration of the Electronic Shelf Labels solution to your internal tools and processes.

In this document you will find our general guidelines and best practices regarding the API management.

Please note that as a standard only one API key per retail chain is included, for more information, you can refer to your SES-Imagotag contact.

API account set-up and management

Creating your API account

You will first need to go on https://api-portal-[env].vusion.io/signup (replace [env] by “eu” or “us”)

When setting-up your account, consider using a distribustion list email, for example vusion_api@yourcompany.com. It will guarantee that this is a future-proof account for your company, regardless of the people in charge on VUSION API developments.

To manage this account, consider doing regular reviews of the people within the distribution list, as well as password rotations.

You need to be able to receive e-mails on this specific e-mail account, as this is the address that we will use to manage the API account (reset password for example) and warn you if you are getting close to the daily API quotas

Account and API key management

Accounts segregation

From a security perspective, we suggest having two dedicated accounts for Lab and Prod environments, example : vusion_api_lab@yourcompany.com and vusion_api@yourcompany.com

If you intend to have different dev teams working on specific use cases, you can also consider having one API account per use case.

 

Keys management

Once your API subscription is active, you are granted two keys per API product (go to your profile page)

Both keys are active and grant you the same rights, scope and quotas. The regeneration of a key will produce a new passphrase, and all API calls using the former passphrase will then get error responses.

To garantee the security of your data, we suggest setting up a key rotation mechanism during the development phase, so that a key can be easily regenated if a security breach occurs. This will allow you to switch from Key #1 to Key #2 without pausing your data synchronization with the VUSION Cloud platform.

Of course, never share your API keys with anyone outside of your organisation (SES-imagotag included).

 

API quotas & how to optimize API efficiency

Each API product for which your are granted API keys have quotas. Those quotas limit the number of calls you can do per 24h as well as the bandwidth you can use per 24h.

As soon as one of these two limits is reached, your next API calls will end up in “403 OutOfQuota” errors, preventing you to do more API calls until midnight. The exact delay you have to wait will be clearly specified in the error response.

Example : your API quotas are 100 000 calls/24h & 1Gb/24h.

Between 00:00am and 02:00pm you send 100 000 API calls. The next API call that you will try to send at 2:01pm will end up in an error 403 and the response will specify “your quota will be resplenished in 9h59m”.

Best practices

To have the best integration with our system, some practices should be implemented on your side. Here are some insights:

Item integration

  • Avoid sending unitary calls whenever possible. If you have multiple items to update, send a call with many items in the body, not one call per item.

  • Batch should be limited to 5000 objects. Sending batches of 500 is a good approach

  • Send only needed items data: do not send items data that will not be used on labels. For instance items that will never be sold in specific stores or items attributes that will not be displayed on the labels. You can use web-hooks to be notified for every new item-label matching so your system knows exactly which items are used in a given store. You can also query unknown items once a day to send the needed item.

  • Send deltas: do not send the whole data, send only data that have changed. You don’t need to send the name and description again if the only element of the article that changed is its price.

  • For store-specific data updates, targeting the full retailChainId.storeId will guarantee a faster items integration than using the retailChainId only.

 

Frequency

  • No matter how often the data is updated on your system, you should always respect a minimum delay between 2 calls. We strongly advice against sending multiple calls per minute for a single store.

  • Depending on the data and your use cases, consider applying different synchronization frequencies : prices and promotion updates must be synced ASAP between your system and VUSION Cloud, while elements like overall customer reviews and ratings can be updated only once a day.

  • For big updates and/or non-urgent updates, consider sending API calls during the closing hours. This will guarantee maximum availability of the VUSION platform for daytime urgent updates.

 

Use of filters

“GET” queries can also consume a lot of bandwidth if not used wisely. As the labels and items data contain a lot of fields, full “GET” API calls can generate a lot of data, that will be deducted from your quotas

  • Consider using filters to sort out only the fields that are needed for your queries

 

Retry mechanism

Retry mechanisms are a good way to ensure that all data synchonizations are done, even when the service is unavailable when you first try to send items or matchings.

Nonetheless, badly configured retry mechanisms can be penalizing for your store performance. Here are a few tips to keep in mind when developing retry mechanisms :

  • Track error codes : different actions are needed depending on the error.

    • When there’s an Out of Quota error for example, there is no need to retry, it should directly trigger an alert internally

    • 429 Errors occur when too many calls are made within 100 seconds, so retrying instantly would be counter productive. The error message indicates clearly how much you have to wait (example : { "statusCode": 429, "message": "Rate limit is exceeded. Try again in 7 seconds." })

    • Another common error can be { "code": 400, "message": "Missing body" } for which a retry will not be helpful either

  • Retry in a smart way : use increasing delays between retries

  • Consider setting a maximum amount of retry per API call, ending in a specific queue if they still fail

 

Typical error codes include :

  • 400 : can be due to "Missing body", "Invalid json", "Invalid item", or other specific errors related to integration errors

  • 401/403 : are due to wrong API rights or proper rights without access to the store

  • 403 : can also be {"statusCode": 403, "message": "Please contact your support: too much erronerous calls for [storeId] on [API URL]"}

  • 403_OutOfQuota : API quotas have been reached over the last 24h, the error code is associated with the delay you have to wait before your quotas start to be replenished => "Quota will be replenished ..."

  • 404 : Standard API response => Not Found - The server cannot find the requested resource

  • 500 : "Internal server error", "Request Timeout after Xms", "The service is unavailable"

  • 552 : Wrong storeId put in the URL

API quotas

Usage Quot

Description

Core

Advanced

Pro

Usage Quot

Description

Core

Advanced

Pro

Base API quota for retail chain

Active traffic monitoring are performed in the background to
immediately identify security threats or anomalies

10000

10000

10000

Number of API calls per day / store

Additional API calls authorised per store (per rolling 24hrs)

5000

10000

20000

API bandwidth (outbound & inbound)

Standard data transmission allowance per store

1 GB

5 GB

10 GB

Ratio labels / items

Allowed ratio between the number of labels in store and
the number of item sent

2

5

10

Number of fields per item (on average)

Average number of information fields allowed per items

30

50

100

Item size kB

 

1

2

5

Other best practices & guidelines

Please also consider the following guidelines :

  • Limit the amount of fields (name, price, description, gencode, etc.) used for your items. 50 fields per item is a good limit for all your use cases

  • Limit the number of references (gencodes, EAN, internal ids) that can be used to match an item to an Electronic Shelf Label. 3 references per item is a good limit, as you can easily keep this list updated.

  • The ratio between the number of items and the number of ESLs should not exceed 5, as you can easily monitor the matchings in each store and you have the tools to delete your items.

 

To sum up

Use distribution list emails for your API account and separate environments

API quotas are not per day but per 24h

Batch your item integrations

Apply delays between each call

Use filters for your queries

Apply well-thought-out retry mechanisms

Don’t use personal emails for your accounts

Don’t share your API keys

Don’t send items or fields that are not needed or didn’t change

Don’t exceed 50 fields per item

Don’t exceed 3 references per item

Don’t exceed the ratio of 5 items per ESL